Hyper-V Environment

[Guest]

[aWanderer]

Hello,  I wonder if someone could help me out...

I thought this was gonna be easy... I have a complex environment (in my mind) with 12 VM's running on a G6 rack mount server with 4 NIC cards, a Router, and cable modem.

Internet > Router (w/WiFi) 192.168.0.1

What I want to do is funnel ALL the LAN traffic thru an Endian FW installed on a VM

How would I wire this up so NIC1 is used for the EFW only and then I can provision the other NIC's to the VM's, etc.  When I plug in NIC1, it's pulling an IP from my DHCP server (Windows PDC).

Here is what I am thinking...

1. Plug NIC1 into the Router
2. Set a Static LAN IP
3. On the router, designate the IP of NIC1 as being the DMZ

So, at this point, that NIC1 is direct to the internet. When I install EFW, designate it as Red (External)

Am I way off here?  Is there a guide or walk-thru for a setup like this? 

Any help would be greatly appreciated.

[Timmeh]

If you can you should set your router to be in modem mode or bridge mode (no NAT).
This way ALL traffic is passed to the EFW firewall to deal with and will not be intercepted by the router.

**INTERNET**
   ||
   ||
ROUTER (MODEM)
   ||
   ||
(NIC1) -EFW VM- (NIC2)
                            ||
                            ||
           GREEN (TRUSTED LAN)

[aWanderer]

Thank you for the reply.  I've decided to  some hardware solution, as I can't figure out how to wire everything up. I mean, I get the overview... cable modem > Endian VM, etc. Where I get lost is how to do the NIC config's. For example: instructing one NIC to talk only to the firewall and the other is internal...  I just don't get it all. I would need a literal step-by-step.

Thanks for the help thou.


Regards

[Timmeh]

Well if you tell me the exact hardware setup that you have I'll happily provide a solution, if you still require assistance.

[aWanderer]

I very much appreciate your offer to take on this difficult task (more like a project)

My network and equipment is confusing to me. Still learning. It is very much under-utilized as you will see.  Here is the equipment I have:

- 1 Rack mounted DL360 G6 with 4 NIC's (Hyper-V Server) [Hypervisor]
  2 NIC's are Teamed (External Virtual Switch) all the VM's are connected to this Team

- 1 Stand-alone computer w/1 NIC acting as [PDC]
- 1 DGS-1100-16 EasySmart 16-Port Gigabit Switch [Switch]
- 1 ASUS RT-N66U Wireless Router w/vendor firmware [Router]
- 1 Cable Modem [ISP]
- 1 Linksys E4200 WiFi Router - Acting in bridge mode [Bridge][/li][/list]


Map is like this:

ISP > Router [Port 1]
                          |
                        Switch [Port 1]
                          |
                         Hypervisor, NAS, PDC, Bridge, etc.

I have not done any special config on the Switch or Router other than open a  ports. Everything is pretty much defaults and standard.

My Hypervisor has approximately 13 Server VM's. One of them is a Secondary Domain Controller. Rest of the VM's are Citrix and App-V related (LAB).

My household has approximately 43 devices connecting via wired and WiFi.  The WiFi devices mainly connect to the Router but some connect to the Bridge.

My goal would be to use EFW on a VM and have everything filtered thru there including the wifi traffic. I guess it would be acting as a Transparent proxy.

Everything on my network works great. I just plugged it all in and it works.  I am a Certified Citrix admin but very weak on the networking-side of things. I mean, I can do the basics but that's it.  I think that's everything.  If you are able to help me out configuring it all to go thru a VM, you would be KING. Especially since I am "Network Stupid"... you will prob need to draw pictures for me - lol.

Another thought I had recently was this Easy Route...
Rather than use a VM, I have an extra stand-alone PC that is doing nothing. I can add a dual-NIC card to it, configure it as the EFW box. Plug the cable from the ISP into one port and the other cable into the Router WAN port.  With this approach, I would not even have to touch my existing infrastructure.  This would be the easy route for sure but I would rather use a VM to save space, power, etc.  and learn something in the meantime.

Maybe I should go the easy route?

[Timmeh]

I would setup your equipment as follows.

ISP > ROUTER (Bridge in Mode)
                      ||
                      ||
               Hyper-V External Switch (#1) - connect to RED interface of Endian


               Hyper-V External Switch (#2) - connect to GREEN interface of Endian
                      ||
                      ||
               EasySmart Switch with all physical servers plus wireless access point



Make sense? PM me if you still want help.

[aWanderer]

Thank you very much for your help!!

I'll give it a go but it will be a week before I can as I am away.

Regards,
Lane